The script contrib/hook-scripts/check-mime-type.pl does not escape
argv arguments to 'svnlook' that start with a hyphen. This could be
used to cause 'svnlook', and hence check-mime-type.pl, to error out.

The script contrib/hook-scripts/svn-keyword-check.pl parses filenames
from the output of 'svnlook changed' and passes them to a further
shell command (equivalent to the 'system()' call of the C standard
library) without escaping them. This could be used to run arbitrary
shell commands in the context of the user whom the pre-commit script
runs as (the user who owns the repository).

This can lead to a DoS. An exploit has been tested, and tools
or users have been observed triggering this problem in the
wild.

Subversion's mod_dav_svn Apache HTTPD server module may in
certain scenarios enter a logic loop which does not exit and
which allocates memory in each iteration, ultimately exhausting
all the available memory on the server.

This can lead to a DoS. There are no known instances of this
problem being observed in the wild, but an exploit has been
tested.

Subversion's mod_dav_svn Apache HTTPD server module may leak to
remote users the file contents of files configured to be
unreadable by those users.

There are no known instances of this problem being observed in
the wild, but an exploit has been tested.